There is now a recipe - not really a new one, it's "vncproxy" with some
attributes renamed - which handles the relevant packages and services
(Debian names confirmed to have been valid at least since Jessie,
Ubuntu and RHEL ones based on existing convention + review comments).
Furthermore, nova.conf is now populated with required enpoint information
- with hopefully sane default values of relevant attributes.
Finally, the attribute node['openstack']['compute']['console_type']
can be used to enable the desired console type; it defaults to 'vnc'
in accordance with default Nova configuration.
Signed-off-by: Marek Szuba <m.szuba@gsi.de>
Change-Id: I0996daddda6d21633930ba73e174f99775a9e0c9
Modern versions of OpenStack (confirmed under Rocky and Victoria)
have two separate keys for specifying memcached servers to use - one
for Nova itself (which the cookbook already handled) and one for the
Keystone middleware (which it did not). As a result, with only the former
set Nova keeps on complaining in the logs (at least under Rocky) about
still using in-process token cache.
Signed-off-by: Marek Szuba <marek.szuba@cern.ch>
Change-Id: I7930048a55a26e66c1dd041245ae5b23794eada1
Also pull bind cookbook from git to fix version pinning issues.
Change-Id: I0c6a50d33622a9dd6deff66ea204c56d6b5657c6
Signed-off-by: Lance Albertson <lance@osuosl.org>
In [0] we followed the release-note about using threads=1 for the nova-api
service, but missed that the nova-metadata and placement service are
affected by the same issue.
[0] Iebf78d24c57a069eabced1bf35051cbae5014902
Change-Id: I9107ca1a135ac090dc9cf80b5192eed4838595df
Update ChefSpec due to changes made in apache2 cookbook.
Depends-On: https://review.opendev.org/756168
Change-Id: I3ec792c519650b2d95a976ad50419a9b417a3514
Signed-off-by: Lance Albertson <lance@osuosl.org>
The current code tries to restart apache for every change to
/etc/nova/nova.conf even on compute nodes that do not have apache
installed. This changeset splits out the apache service resource into a
separate recipe that (unlike nova-common) is not included by the compute
recipe.
backport: stein
Change-Id: I87dda61dfabec460fe042b4cee21277382dd9487
The major change in this release is that the placement-api code base has been
removed from nova and put into it's own project called placement [1]. Users who
are coming from Stein will need to follow the upgrade guide [2] to properly
upgrade to the new service.
All attributes related to placement-api have been moved into their own files
including configuration file attributes for placement.conf.
Added:
- Template to manage /etc/placement/placement.conf
- Include openstack-compute::_nova_cell recipe to nova-setup so that the db
migrations happen properly
Changed:
- Update release to train
- Migrated from nova-placement-api to placement-api [1]
Fixed:
- Cookstyle & ChefSpec
- Ordering of db syncs which was causing issues for Train
- Set default['openstack']['compute']['syslog']['use'] to false by default
- Various comments
Removed:
- Removed references to nova-consoleauth which has been removed upstream [3]
- Removed references to xvpvnc which was removed upstream
- Unused .rubocop.yml and .rubocop_todo.yml
[1] https://docs.openstack.org/releasenotes/placement/train.html
[2] https://docs.openstack.org/placement/latest/admin/upgrade-to-stein.html
[3] https://docs.openstack.org/releasenotes/nova/train.html#prelude
Change-Id: I996bcd2f63a080e10fadf0c7adf9a0ddcb0b5c7a
Depends-On: https://review.opendev.org/731859
Depends-On: https://review.opendev.org/731860
Depends-On: https://review.opendev.org/731861
This adds some attributes for adjusting the thread counts for each wsgi
application. By default we use 10 threads, however for the api service, it needs
to be set to 1 due to this upstream issue [1]. In addition, increase the
processes for the api service to 6 to account for the reduction in threads.
[1] https://docs.openstack.org/releasenotes/nova/stein.html#known-issues
Change-Id: Iebf78d24c57a069eabced1bf35051cbae5014902
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/nova/nova.conf] to
resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []
- Add metadata to enabled_apis as that is the default upstream
- Switch to user resource for managing shell for nova user
- Switch to libvirtd instead of libvirt-bin for Ubuntu service name
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Depends-On: https://review.opendev.org/708059
Depends-On: https://review.opendev.org/706157
Change-Id: I7e03fb9dace6e288a3b21f33106245b30b52ce9d
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.
Additional fixes:
- Install mod_wsgi as a package on RHEL since there is no built-in
resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
by Chef now automatically.
- Fix resource ordering in placement_api
- Improve ChefSpec tests
- Add missing placement_api RHEL tests
- Fix issues with chain file and cipher suite in in wsgi template
- Include additional cookbooks in Berksfile required for CI
Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: Ib404ab6bfcae3340fd7f0f924539ca6c445b55cf
This updates all references of let(:chef_run) to cached(:chef_run) to
speed up tests. By doing this, we have to create a new cached(:chef_run)
block whenever we need to adjust node attributes for testing.
- Remove unused default recipe ChefSpec
- Formatting cleanup
Speed was improved from 7 minutes 17 seconds to 1 minute 34.18 seconds
Change-Id: I8bdde8b68371d25275aa78d9438f5aeff960062f
- Replace git.openstack.org with opendev.org
- Update some documentation
- Move README.md to README.rst for better rendering
- Drop obsolete bootstrap.sh script
Change-Id: I0fd381bceadcd43a258e04b2cbea8a1a3785dd1b
Python2.7 is going EOL soon, let us deploy python3 for Rocky from the
start, so we avoid having to switch later.
Depends-On: https://review.opendev.org/682918
Change-Id: Ia3adf776d48ebbf364530201f85307805a6b48d6
This uses edit_resource to add a notification in the nova-api,
nova-api-metadata and nova-placement-api apache configurations when one
of them gets updated. This is a workaround due to the fact we are using
a version of the apache2 cookbook that is still using definitions and
cannot add notifications with definitions.
This is intended to ensure we only restart apache when the configuration
is updated. Otherwise, the old behaviour was to restart apache on every
run which is problematic in production environments. I have been using
this in our production wrapper cookbook for the past year or so without
any issue.
This will be removed in the Stein release when we migrate to the newer
apache2 cookbook which uses proper resources.
Also amend the Berksfile to point to the new opendev.org location.
Change-Id: I55e6ea4124017e0f44f92f6a2fb01baad5a27555
Signed-off-by: Lance Albertson <lance@osuosl.org>
If apache is (re)starting while the chef-client installs the
nova-placement-api package, it may pick up the vanilla apache2 conf file
before chef-client gets around to fixing it which may result in apache2
failing due to a non-working configuration.
This changeset eliminates the race by creating a valid configuration
before installing the software. The solution is based on the assumption
that no reasonably configured package manager will overwrite an
existing, user-created configuration file.
backport: queens
Change-Id: Id9f1d165411fc5b3cc73b29a36840cf4dc63d81b
fog-openstack-1.x already appends "auth/tokens" so we no longer need to
do that. In addition, comment out endpoint type until this PR [1] gets
merged and released.
[1] https://github.com/fog/fog-openstack/pull/494
Depends-On: https://review.opendev.org/666176
Change-Id: I99dceff452695302865d267ca4cd5e8aa094ead5
Signed-off-by: Lance Albertson <lance@osuosl.org>
This option never belonged there anyway, we hardcode to "v3" in the
keystone_authtoken section already.
Change-Id: If2d13f9c4eee0a3e1083b39dc55627007c936c77
Ubuntu now allows to choose between python(2)- and python3-based
packages, installing neither variant by default. So we need to choose
and install one version explicitly, since python3-nova still seems to
have some issues with running under uwsgi, let's start with the python2
variant.
Change-Id: Iee78b5f7de885748fd590e339623f6d2f2fb096b
This patch replaces nova.conf.erb with openstack-service.conf.erb from
the openstack-common cookbook.
Besides removing some redundancy, it also makes nova.conf more readable
(due to a fix to openstack-service.conf.erb that never made it to
nova.conf.erb).
backport: queens pike
Change-Id: I07aeb7617ca152f66ec239cef4bcbef642c66bf7
Without www_authenticate_uri set, nova logs contain warnings:
WARNING keystonemiddleware.auth_token
Configuring www_authenticate_uri to point to the public identity
endpoint is required; clients may not be able to authenticate
against an admin endpoint
backport: queens
Change-Id: I0ff8202455b576227b882670c7254487b5e11f25
Replace the hardcoded bloated template with a variant of our standard
template that only includes the values that are really needed.
This will allow deployments to override the default values and for
example deploy libvirtd with TLS authentication according to [0].
[0] https://wiki.openstack.org/wiki/OSSN/OSSN-0007
Change-Id: Ib7b305670f525bbf975ec33ed070e2d960347ef4
* removed all unused attributes
* removed vmware specific configuration option that can be set in a
wrapper cookbook (and was not maintained for quite some time)
* removed caseswitch for nova user and group since we currently only
support debian and rhel
* moved all libvirtd related config options to specific attribute file
in preparation for further refactoring
Change-Id: I42a0bbcd03a570b9d6d24ba32ed2cafacc33ec76
Zuul no longer requires the project-name for in-repo configuration.
Omitting it makes forking or renaming projects easier.
Change-Id: I4ba7d342c78ba223329ed924d03efdfbd7ad2262